Online payer authentication service

ABSTRACT

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder&#39;s identity using a variety of authentication methods, such as the use of passwords. Also, the only system participant requiring a certificate is the issuing financial institution. One embodiment of the invention for authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requests a password from the cardholder, verifies the password, and notifies a merchant whether the cardholder&#39;s authenticity has been verified. In another aspect of the invention, a chip card and the authentication service independently generate cryptograms that must match in order for the service to verify that the correct chip card is being used by the cardholder.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a divisional of U.S. patent application Ser. No.09/842,313 filed Apr. 24, 2001 entitled “Online Payer AuthenticationService,” which claims priority of U.S. provisional patent applicationNo. 60/199,727 filed Apr. 24, 2000 entitled “Visa Payer AuthenticationService Description,” both of which are hereby incorporated byreference.

FIELD OF THE INVENTION

The present invention relates generally to financial transactions, andmore specifically to authenticating the identity of payers during onlinetransactions.

BACKGROUND OF THE INVENTION

During a payment transaction using a payment card (e.g., a credit,debit, or stored value card), it is important to verify a cardholder'sownership of an account to avoid a variety of problems, such asunauthorized use. Payer authentication is the process of verifying acardholder's ownership of an account. The most common method toauthenticate a cardholder's ownership of an account occurs routinely ata point of sale during what is called a “card present” transaction. Acard present transaction involves a merchant's representative taking thecardholder's card, swiping it though a payment card terminal to verifyaccount status and credit line availability, and then checking to seethat the signature on the back of the card matches the purchaser'ssignature. If the merchant follows specific guidelines for this type oftransaction, the merchant will be guaranteed payment for the amountauthorized less discount and fees. A service provider such as VisaInternational Service Organization (or service organization) may providethese specific guidelines.

“Card not present” transactions, on the other hand, such as thoseoccurring online, through the mail, or over the telephone, involvepayments that are not guaranteed to the merchant. No guarantee isprovided primarily because the payers are not authenticated in such nonface-to-face transactions, thereby allowing many risks to accompany the“card not present” transactions. Such risks involve issues such aschargebacks of payment transactions to online merchants, fraud for bothmerchants and cardholders, increased exception item processing expensesfor banks, and an increased perception that buying goods and servicesonline is not safe and secure, which may keep some consumers from buyingonline. Specific examples of risks include the unauthorized use ofstolen account information to purchase goods and services online,fabrication of card account numbers to make fraudulent online purchases,and extraction of clear text account information from network traffic.

Given the continued expected high growth of electronic commerce, it isimportant to provide methods to authenticate payers. This will benefitall payment system participants including cardholders, merchants, andfinancial institutions. Authenticating the payer during online purchasetransactions will reduce the levels of fraud, disputes, retrievals andcharge-backs, which subsequently will reduce the costs associated witheach of these events. Authenticating the payer also addresses consumersecurity concerns and therefore will lead to increased online sales.Prior systems used to authenticate consumers during online transactionshave not been widely adopted because these systems were difficult touse, had complex designs, required significant up-front investment bysystem participants and lacked interoperability. Certain prior systemsadditionally required the creation, distribution and use of certificatesby merchants, cardholders, issuers and acquirers. Such use ofcertificates is known to be quite burdensome.

In view of the foregoing, a system for authenticating the identity ofthe payer in an online transaction would be desirable. Such anauthenticating system should be relatively easy to implement and use,require a minimal investment of resources, and provide a high level ofinteroperability between the system's participants.

BRIEF SUMMARY OF THE INVENTION

The present invention is directed towards an online service forauthenticating the identity of a payer during online transactions. Thepresent invention is relatively easy to implement and use, requires aminimal investment of resources to implement, and provides a high levelof interoperability between the system's participants. Theauthentication service of the present invention allows a card issuer toverify a cardholder's identity using a variety of authenticationmethods, such as the use of passwords. Also, the only system participantrequiring a certificate is the issuing financial institution. Theauthentication service can also provide authentication results to themerchant in real time during the checkout process.

In a first embodiment, the invention is directed toward the use of atraditional card, such as credit cards, debit cards, identificationcards, etc. One aspect of the first embodiment pertains to a method forauthenticating the identity of a cardholder during an onlinetransaction. The method involves merchants querying a card issuermanaged access control server to determine if said cardholder isenrolled in a payment authentication service, requesting a password fromthe cardholder, verifying said password, and notifying a merchant of theauthenticity of the cardholder if the password entered by saidcardholder is authenticated.

In a second embodiment, the invention is directed towards the use of anintegrated circuit card (also known as a smart card or chip card). Oneaspect of the second embodiment pertains to a method for authenticatingthe chip card being used by a customer. This method involves verifyingthat the cardholder client device includes a chip card reader and thenprompting the customer to enter the chip card into the chip card reader.After the chip card reader receives the chip card, the chip cardgenerates a cryptogram which is then sent to the access control server.The access control server then independently generates a secondcryptogram based upon information in the chip card and compares the chipcard cryptogram to the second cryptogram. If the two independentlygenerated cryptograms match, then the authenticity of the card isverified.

The service of the present invention presents many advantages. Forexample, the authentication service lays the foundation for establishingguaranteed payments for merchants involved with “card not present”transactions. Additionally, the authentication service will reducechargebacks, frauds, and exception item processing. These and otherfeatures and advantages of the present invention will be presented inmore detail in the following specification of the invention and theaccompanying figures, which illustrate by way of example the principlesof the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention, together with further advantages thereof, may best beunderstood by reference to the following description taken inconjunction with the accompanying drawings in which:

FIG. 1 schematically illustrates one embodiment of an infrastructurearchitecture that can support the Payer Authentication Service (PAS).

FIG. 2 illustrates the process through which a cardholder registers withPAS according to one embodiment of the present invention.

FIG. 3 illustrates one embodiment of an Internet web page in which acardholder can enter information during the enrollment process for PAS.

FIG. 4 illustrates a PAS authenticated payment transaction according toone embodiment of the present invention.

FIG. 5 illustrates an exemplary window that prompts the cardholder forhis or her password.

FIG. 6 illustrates exemplary messages that are sent during the paymenttransaction superimposed over the PAS architecture.

FIG. 7 illustrates the message flows on the centralized PAS architectureaccording to a centralized embodiment of the present invention.

FIG. 8 illustrates the centralized payment flow that occurs between thecardholder client device, the PAS, and the merchant system, according tothe centralized embodiment of the present invention.

FIG. 9 illustrates the enrollment flow in the distributed PASarchitecture according to a distributed embodiment of the presentinvention.

FIG. 10 illustrates the payment flow in the distributed PAS architectureaccording to the distributed embodiment of the present invention.

FIG. 10A provides a high-level system architecture view of oneembodiment of the chip card payer authorization service.

FIG. 11 is a flow chart describing one example of a payment transactionusing the chip card embodiment of the payer authentication service.

FIG. 12 illustrates a system architecture view of the chip cardauthentication process according to one embodiment of the presentinvention.

FIG. 12A illustrates a detailed flow of messages between the chip card,the cardholder client system, and the issuer's access control server.

FIG. 13 illustrates a system diagram of the components utilized in theaccess control system embodiment of the payer authentication service.

FIG. 14 illustrates a telecommunications network suitable forimplementing an embodiment of the present invention.

FIG. 15 illustrates systems housed within an interchange center toprovide online and offline transaction processing.

FIG. 16 illustrates another view of the components of thetelecommunications network.

FIGS. 17A and 17B illustrate a computer system suitable for implementingembodiments of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention will now be described in detail with reference toa few preferred embodiments thereof as illustrated in the accompanyingdrawings. In the following description, numerous specific details areset forth in order to provide a thorough understanding of the presentinvention. It will be apparent, however, to one skilled in the art, thatthe present invention may be practiced without some or all of thesespecific details. In other instances, well known operations have notbeen described in detail so not to unnecessarily obscure the presentinvention.

To begin with, a high-level description of the authentication processused by the Payer Authentication Service (PAS) will be provided. Laterin this disclosure, a more detailed description of the authenticationprocess and other processes, such as system setup and customerregistration and specific message flows, will be provided. As explainedin the previous sections of this disclosure, PAS is designed toauthenticate cardholder account ownership during online purchasetransactions. PAS will be used, for example, when a cardholder shopsonline, adds items to a shopping cart, proceeds to the online merchant'scheckout page, and completes the online merchants checkout forms. PAScan also be used in various transactions when a trusted partyauthenticates the identity of an individual or entity for the benefit ofa third party. As is commonly known, the trusted party usually acceptslegal responsibility for the authentication of the individual or entityto the third party. For example, PAS can be used to authenticate afinancial institution's customers when accessing an Internet web site tocomplete an online form. PAS can also be used in aspects of retailbanking such as debit cards, purchase cards, stored value cards, as wellas wholesale banking, the medical business, the insurance business, thebrokerage business, etc. ID cards can also be used with PAS. Forexample, AAA may use PAS to authenticate the identity of its customer,or a telephone card company can use PAS to authenticate the identity ofthe user of a specific card.

PAS can perform its authentication processes after the consumer decidesto buy his or her desired products or services, for example, after theconsumer clicks a “buy” button. PAS can also begin its authenticationprocess at various other times in the consumer's purchase transaction,not only after the “buy” button is clicked. The authentication processis conducted mostly in a transparent mode to the consumer by utilizingsoftware that has been incorporated in several points of a paymentnetwork. PAS validates participation by the cardholder and thecardholder's financial institution and then creates a window in whichthe consumer can confirm his or her identity by requesting a previouslyregistered password from the cardholder. If the identity of the consumeris confirmed, the payment information and notice of the consumer'sauthentication is sent back to the merchant. Then, as conventionallyperformed, the payment transaction is processed by the merchant. Forexample, the merchant may send an order confirmation message to thecardholder's browser.

High Level System Description

FIG. 1 schematically illustrates one embodiment of an infrastructurearchitecture 100 that can support the PAS. The architecture is dividedinto three domains, the issuer domain 102, the interoperability domain104, and the acquirer domain 106. The issuer domain 102 includescomponents that are primarily controlled by an issuer. An issuer, forexample, can be a financial institution that issues payment cards toconsumers. Specifically, an issuer, or a card issuer, personalizes newcards received from a card supplier and then issues these cards to itscustomers. Personalization may also be performed by the card supplier orby a personalization bureau. In addition to being a financialinstitution, an issuer may be any suitable issuing entity such astelecommunications network operator, a service association, a merchantor other organization, or even an agent acting for an issuer. Theacquirer domain 106 includes components that are primarily controlled byan acquirer. An acquirer, for example, can be a financial institutionthat enrolls merchants in the payment scheme and manages the accounts ofmerchants. The acquirer also routes information from an online merchantto the telecommunications network. The interoperability domain 104 issupported by the Internet and includes components used by both theissuer and the acquirer. The interoperability domain 104 is typicallymanaged by the card scheme manager such as Visa. The interoperabilitydomain 104 can also be supported by a network other than the Internet.

The issuer domain 102 includes an enrollment site 108, an issuercardholder system 110, the cardholder client device 122, an enrollmentserver 112, an access control server 114, an issuer or third partyidentity authentication component 116, and an account holder file 118.Optionally, the issuer domain 102 can include an issuer file of approvedcardholders 120. The enrollment server 112 is a computer that managescardholder enrollment into the PAS service through presenting a seriesof questions via a web interface to be answered by the cardholder andverified by the issuer. As shown in FIG. 1, the card issuer operates theenrollment server 112. However, a service organization, such as Visa,may operate the enrollment server 112 on behalf of the issuer. Theissuer may use a web-enabled, interactive “identity authenticationservice” provided by a third party during the enrollment process to helpvalidate a cardholder's identity. The enrollment server 112 is connectedvia the Internet to the Internet Payment Gateway Service 124, which isin turn, connected to a telecommunications network 126, for example,VisaNet. The Internet Payment Gateway Service 124 allows the enrollmentserver 112 to communicate with the telecommunications network 126. Theconnection via the Payment Gateway Service 124 allows the enrollmentserver 112 to query the issuer's authorization system 138 to determineif a cardholder being enrolled has an active card account. Enrollmentsite 108 is an Internet web site where the cardholder can register toparticipate in the PAS.

The access control server (ACS) 114 is a computer that has a database ofcardholders registered for PAS containing cardholder account andpassword information. During an online payment transaction, the accesscontrol server 114 provides digitally signed receipts to merchants,controls access to PAS, and validates cardholder participation in theservice. The card issuer or a service organization, such as Visa, onbehalf of the issuer may operate the access control server 114. WhilePAS does not require any additional cardholder software to be used,optional cardholder software and hardware may be deployed. Thecardholder software may be used to support additional authenticationtechniques such as digital certificates, integrated circuit cards (chipcards) and chip card reader, or to verify that the ACS is properlyassociated to the appropriate cardholder client device. Account holderfile 118 is a issuer managed database for storing information relatingto the cardholders that are successfully enrolled in PAS.

Cardholder client device 122 is used by the cardholder to participate inPAS. Specifically, the cardholder client device 122 can be any devicecapable of accessing the Internet, such as a personal computer, mobiletelephone, a personal data assistant, or an interactive cabletelevision.

The issuer cardholder system 110 is an issuer controlled systemcontaining information about cardholders. This system informationcontains information concerning account information, services utilizedby the cardholder, etc. Some of the information within the issuercardholder system can be used in the process for enrolling cardholdersin the PAS.

Issuer or third party identity authentication database 116 containsinformation that the issuer or third party already has on file regardingcardholders. Database 116 is used by issuer in the process of enrollingcardholders to verify the identity of the cardholders. For instance,information entered by cardholders during the PAS registration processmust match the information already on file in the authenticationdatabase 116 in order for cardholders to successfully register for PAS.Third parties can be companies such as Equifax.

The interoperability domain 104 includes a directory server 128, areceipt file 130 and a receipt manager 131. Directory server 128 routesauthentication requests from merchants to specific access controlservers. The directory server 128 is operated by a service organization,such as Visa. The receipt file 130 and receipt manager 131 store signedreceipts for each authenticated purchase transaction. The receipt file130 contains information that verifies which transactions wereauthenticated and provides additional information during disputeresolution processes. The receipt file 130 and receipt manager 131 areoperated by a service organization. The issuer, Acquirer, or merchantmay also maintain a copy of the digitally signed receipt.

Acquirer domain 106 includes the merchant 132 and the validation server136. A merchant plug-in software module 134 resides at the location ofthe merchant 132. The merchant plug-in software module 134 is a PASsoftware module that integrates into a merchant's electronic commerceweb sites. The plug-in software module 134 provides the interfacebetween the PAS and the merchant's payment processing software. Thevalidation server 136 verifies the digital signature of the card issuerused to sign the receipt returned by PAS to the merchant during thepayment transaction. In alternative embodiments of the presentinvention, the functionality of the validation server 136 may beincluded within the merchant plug-in software module 134, thuseliminating the need for a separate validation server 136. Thevalidation server 136 is operated by the merchant, the acquirer or by aservice organization.

The infrastructure of the PAS may be implemented in two separatearchitectural approaches. One approach is a centralized architecture andthe second is a distributed architecture. The centralized approachrequires no software or data to be stored on the cardholder's clientdevice. In the distributed architecture, on the other hand, PAS softwareexists on the cardholder's client device. This software is downloaded bythe enrollment server to the cardholder client device during theenrollment process. In the distributed approach, the merchants determinea cardholder's participation in the PAS through a mechanism provided bythe cardholder's system client device. It should be noted that a vendor,a PAS software supplier, could choose to create the centralized,distributed, or a combination of the two architectures depending uponthe vendor's or their customer's specific business requirements. FIGS.7-10 will provide further detail as to centralized and distributedarchitectures.

As mentioned earlier, the distributed architecture requires software tobe stored on the cardholder client device. The distributed PAS providesa mechanism for a cardholder to transfer payment applications andpersistent data from one cardholder client device to another cardholderclient device. This mechanism provides PAS with the ability toauthenticate a cardholder's identity when the cardholder client deviceis a different client device from the client device that the cardholderaccessed during the registration process. The PAS system is also capableof authenticating the cardholder's identification when the currentcardholder's client device is one that the cardholder had not usedpreviously. In other words, cardholders can use PAS on more than oneclient device. At least two methods exist for transferring the PASsoftware between cardholder client devices. The first method involves acardholder using a portable storage medium, such as a floppy disk, totransport the software. The second method involves the ACS dynamicallydownloading the software onto the additional client device to be used bythe cardholder.

In some embodiments, PAS can interoperate with other cardholderapplications, such as electronic wallets, and PAS can operate compatiblywith electronic commerce mark-up language (ECML Software). PAS alsoprovides capabilities to implements dispute resolution procedures. Forinstance, the PAS allows the merchant to retain sufficient informationto provide proof of cardholder authentication for the purposes ofdispute resolution and chargebacks.

Set-Up, Registration, Authentication and Authorization DetailedDescription

The description will now provide further detail regarding the variousphases from setting up of the PAS to the actual authorization of onlinetransactions. First, the procedures required to set up the varioussystem participants such that they may operate within the PAS will beexplained. Then the cardholder's process for registering with the PASwill be explained. After these phases are described, explanation will beprovided as to the actual authorization of payment transactions.

Setting up the PAS involves set up procedures for all the participantswithin the system. These participants include entities such as themerchants, financial institutions, and cardholders. First, the set upprocedures of the online merchants and financial institutions will bedescribed, and then the set up procedures for cardholders will bedescribed.

Online merchants who sign up with the PAS receive merchant plug-insoftware modules, such as plug-in software module 134 in FIG. 1. Theplug-in software module should be specific to the computing platform andcommerce server software used by the merchant. Financial institutionsparticipating within PAS will provide bank logos and marketing designsto be incorporated into their customized PAS enrollment site template.Acquirers should also provide merchants with a service organizationcertification authority (CA) root certificate, a service organizationcertification authority SSL certificate for client authentication, andintegration support.

Before an Issuer can be set up to use PAS they must obtain a copy of allPAS software specified in the Issuer domain and install hardware systemsand the PAS software. Then, Issuer financial institutions will alsoprovide identity authentication policies and participating BINinformation to PAS to be used in cardholder identity verificationprocesses. Optionally, the issuer can provide to the PAS the cardholderauthentication information for pre-loading into the account holder file118. Pre-loading facilitates large volume support of cardholders. Forexample, when an issuer desires to activate all or most of itscardholders for PAS, the issuer can send PIN numbers to all of itscardholders. The PIN number can then be used by each cardholder toaccess his or her preloaded passwords. In this manner, the enrollmentprocess is expedited because each cardholder need not go through theformal PAS enrollment process. After the cardholders use their preloadedpassword for the first time, the cardholders have the option ofdesignating a new and easier to remember password.

Cardholder authentication information includes information such asbusiness identification, country code, card account number, cardexpiration date, cardholder name, issuer-specific authentication dataspecified in the “participating BIN” data (e.g., mother's maiden name),and other information such as billing address, shipping address, socialsecurity number, telephone number, account balance, transaction history,and driver license number. Issuers should also provide account numberranges for their card account portfolios and access control server IPaddresses (URLs) to the directory server. PAS will be offered throughbank branded web-sites, which will allow cardholders to register withPAS.

FIG. 2 illustrates the process through which a cardholder registers withPAS according to one embodiment of the present invention. As shown instep 1, cardholders visit an enrollment server Internet web sitemaintained by a financial institution, such as an issuer. Cardholdersregister with PAS by registering their credit card account numbers.Alternatively, cards such as check and debit cards may also beregistered. Also, cardholders may register one or more cards with PAS.As shown at step 2, the cardholder enters information such as acardholder primary account number (PAN), name and card expiration date.Additional information may also be entered by the consumer at thispoint. For instance, address, e-mail address, shopper identification, anaccount verification value, cardholder-specific password, andissuer-specific authentication information may also be entered by thecardholder. This information can be entered in a page at the enrollmentweb site such as page 300 shown in FIG. 3.

After the cardholder enters the requested information at the enrollmentsite 108, PAS verifies that the cardholder PAN falls within a card rangethat is registered by the issuer in the directory server 128 of theInteroperability domain 104. The PAS can verify cardholder identitiesusing various methods. First, as just mentioned, the PAS can verify thecardholder identity through a third party authentication database orthrough the issuer's own authentication database. Additionally,verification can be performed by using the issuer provided file ofapproved cardholders 120, by transmitting status check authorizations tothe issuer, and by comparing responses to pre-loaded informationprovided by financial institutions.

If the PAN is not within an issuer enrolled card range, the enrollmentis rejected and the enrollment process is terminated. If the PAN iswithin an enrolled card range, an authorization for one dollar will besubmitted through a service organization payment network, such asVisaNet, to the issuer financial institution. The authorization of theone-dollar transaction allows the issuer to verify the card accountstatus, verify the address using the Address Verification Service, andverify the Cardholder Verification Value 2 (CVV2). The CVV2 is athree-digit number printed on the signature strip on the back of thepayment cards.

If the card is approved, then at step 3, the cardholder will then beprompted for additional authentication information to verify thecardholder's identity in an interactive, real-time, online session. Insome embodiments of the present invention, the cardholder can also berequested to enter a password and a “hint question and response” pairthat will be used to authenticate the cardholder during the purchasetransaction.

As shown in step 4, when the cardholder's identity is verified and theappropriate responses are returned, PAS sends an authorization messageto the issuer financial institution. Then at step 5, the enrollmentserver 112 passes cardholder information to the access control server114 to set up records in the account holder file 118. The account holderfile, such as account holder file 118 in FIG. 1, can store informationsuch as: financial institution BIN numbers, account numbers, expirationdates, first and last names, driver's license numbers, billingaddresses, social security numbers, cardholder passwords, cardholderpassword questions, cardholder password answers, cardholder emailaddresses, third party identity scores, and other information.

In some embodiments of the present invention, during the registrationprocess, the cardholder can be asked to enter a phrase, called thepersonal assurance message (PAM), that is recognizable to thecardholder. PAM is later presented to the cardholder by the issuerduring a payment transaction. Since only the issuer knows thecardholder's designated PAM, the cardholder can be assured that a dialogwindow used with PAS was delivered from the cardholder's issuer. Anexample PAM is, “the sky is blue.”

It should be noted that cardholders require no new client software ordevices to use PAS. In some cases however, chip card implementations ofPAS may require additional cardholder components such as a chip cardreader. In a preferred embodiment, the consumer registration processutilizes security protocols such as SSL channel encryption to protectdata transmitted across the internet between the cardholder and theenrollment server.

Also, during the consumer registration or enrollment process, eachfinancial institution may display its own “terms of use” and/or “dataprivacy policy.” Each financial institution has the ability to requireregistering cardholders to either accept or not accept the terms andpolicies in order to complete the registration process. The versionnumbers of the “terms of use” and/or the “data privacy policy” acceptedby each consumer should be saved by the financial institutions.

After PAS system participants are set up and the cardholders areregistered, a payment transaction may be authenticated utilizing PAS. APAS authenticated payment transaction is illustrated in FIG. 4. In step1 of FIG. 4, a cardholder visits a merchant's electronic commerce siteon the Internet. After the cardholder selects the products or serviceshe or she wishes to purchase, the cardholder begins the checkoutprocess, completes the checkout form, and then clicks on a “buy” button.

After the “buy” button is selected, as shown in step 2 of FIG. 4, themerchant plug-in software module is activated and then performs averification process to determine whether the cardholder's specificaccount is registered with the PAS. There are various methods by whichthe merchant plug-in software module can determine if the cardholder isregistered with PAS. For instance, a two-step process in which thedirectory server and then the ACS associated with the cardholder ischecked, a process where only the ACS is checked, and a method in whichthe merchant can check a cache memory containing the same informationheld in the directory server.

A description of the two-step process will now be provided. In the firststep, the merchant plug-in software module identifies the card accountnumber and queries the directory server 128 to verify that the accountnumber is within a range of numbers associated with an issuer bank thatis a PAS participant. If the account number does not fall within a rangeof account numbers defined on the directory server 128, then the issuerand thereby its cardholder are not registered with the PAS. In thiscase, the merchant is notified that the account number is not registeredwith PAS and the merchant plug-in software module returns control of thetransaction back to the merchant storefront software. At this point, themerchant storefront software can proceed with the transaction, as itnormally would, refuse further service to the cardholder, or proceedwith alternative payment methods.

On the other hand, if the account number is determined to be within arange of account numbers present in directory server 128, then thesecond step of the verification process begins. The second step of theverification begins by the directory sending the ACS capable ofauthenticating the cardholder the card number to determine if the cardis enrolled. If the card is not enrolled, the enrollment process isterminated. If the ACS indicates that the card is enrolled, the ACS viathe directory server returns its URL Internet address to the merchantplug-in. The merchant plug-in then invokes the ACS via the cardholderclient device and its resident browser. Once again it is noted thatthere can be multiple ACSs in PAS.

A second method of checking to see if the cardholder is registered withPAS is for the merchant plug-in software module to directly query theACS without first querying the directory server. The third method, asmentioned above, is for the merchant to have a cache memory containingthe same information held at the directory server. In this manner, themerchant can at least do a preliminary check.

It should be noted that there could be more than one physical directoryserver in the PAS system. However, it is preferable that there be onlyone logical directory server. In other words, all of the directoryservers should be consistent in that they contain the same information.

If the cardholder is a PAS participant, the ACS displays a bank brandedwindow to the cardholder. The bank branded window contains basic paymenttransaction information and prompts the cardholder for his PAS password.See FIG. 5 for an exemplary window 500 that prompts the cardholder forhis or her PAS password. The cardholder enters his or her password andthe ACS verifies the password. As is common today, the cardholder can begiven a certain number of attempts to correctly enter the password. Ifthe cardholder is unable to correctly enter the password, then thecardholder can be prompted with the hint question that was establishedduring the cardholder's registration process. Preferably, the cardholderis given one chance to enter the correct answer in response to the hintquestion.

The payment authentication continues if the correct password isimmediately entered or if the correct response is provided by thecardholder to the hint question within the allowed number of attempts.The ACS then proceeds to digitally sign a receipt using the issuer'ssignature key or a service provider's key. This receipt will contain themerchant name, card account number, payment amount, and the paymentdate. The receipt file 130 stores the following transaction data:merchant name, merchant URL, card account number, expiration date,payment amount, payment date, the issuer payment signature and thecardholder authentication verification value. The ACS then redirects thecardholder back to the merchant plug-in through the cardholder browser.At this point, the ACS also passes to the merchant the digitally signedreceipt and the determination as to whether the cardholder has beenauthenticated. The validation server 136, in the acquirer domain 106, isused by the merchant plug-in 134, to verify the digital signature usedto sign the payment receipt. After verifying the digital signature, thecardholder is deemed “authenticated.” In some embodiments of theinvention, after the transaction is completed, the cardholder will alsohave the ability to re-register his or her card account and create a newpassword to be used for future online purchases.

After the cardholder is authenticated in step 3, step 4 initiates theprocess for authorizing the specific cardholder's account. Specifically,in step 4, the merchant, through the merchant plug-in software module,sends an authorization message to a payment network such as VisaNet. Thepayment network, in turn, forwards the authorization message and the ECIto an issuer financial institution. The authorization message is amessage as is commonly known in the art. The authorization message issent to the issuer so that the issuer financial institution can verifyto the merchant that a specific account is in good standing and hasadequate credit line for the requested purchase amount of the paymenttransaction. The ECI indicates that the transaction was completed overthe Internet and indicates that level of message security (i.e., channelencryption (SSL), in the clear) and authentication used.

In alternative embodiments of the invention, the merchant is capable ofproviding additional information along with the authorization message.For instance, the following information can also be sent: a flagindicating if the cardholder was successfully authenticated, accountinformation, digital signatures, a cardholder verification value 2, cardauthentication verification value (CAVV), an offline PIN authenticatedby chip card EMV cryptogram, and the necessary fields to provide themerchant with guaranteed payment. The CAVV is data is created by the ACSwhich authenticated the cardholder and is a unique value for a givenpayment card and a specific payment transaction from that card. It isused by PAS card issuers to uniquely identify authenticated paymenttransaction if any subsequent disputes occur. After the issuer financialinstitution processing of the authorization transaction is complete,control of the purchase transaction is then returned to the merchant'sstorefront software via the payment network. The issuer then returns theauthorization response via the payment network to the merchant. In step5 of FIG. 4, the issuer financial institution will either authorize ordecline the transaction. In some embodiments, the authorization messagescan be batched and sent in a group at a later time. The PASauthentication information is also included in the batch authorizationmessages.

The access control server 114 is capable of various other functions. Forexample, the access control server can deactivate registered accountsfrom the database. Accounts can be deactivated manually, by thecardholder, or by the issuer. The access control server 114 can alsoprovide a simplified renewal registration process when the cardholderreceives a replacement card. The access control server 114 can supportmultiple users of the same registered account with unique access controlinformation. When providing a user with a connection to the accesscontrol server 114 for purchase transactions or account updating, theaccess control server 114 can validate the user as an authorizedcardholder of the registered account through one or more of thefollowing mechanisms: pass phrase, digital signatures, an online PINnumber, or and off-line PIN authentication by chip card EMV cryptogram.

In the PAS, the merchant 132 can interoperate with existing systemswhere the merchant has the cardholder account information on file,interoperate with existing merchant authorization and clearing systems,support third parties who provide services to multiple merchants,support a variety of payment interfaces between the merchant and theacquirer, and minimize the mandatory impact to payment networkauthorization messages from the acquirer when setting the value of theelectronic commerce indicator (ECI).

One method for routing transactions from the merchant to an accesscontrol server is to have a directory that provides the address of theserver based on the cardholder account number. In such a method, the PASrequests for routing information is only acceptable from authenticatedmerchants. If PAS detects and reports activity from a merchant thatexceeds its normal activity, then PAS is able to deny access to amerchant whose acquirer indicates that such access is no longer valid.This could be the case when merchant fraud is deemed probable. Merchantauthentication to the PAS system can be deployed, but deployment is notrequired. Merchant authentication can help minimize merchant fraud.

Detailed Message Flow for Pas Payment Transactions

FIG. 6 illustrates exemplary messages that are sent during the paymenttransaction superimposed over the PAS architecture. As described above,the purchase transaction begins when a cardholder visits a merchantwebsite via a browser and selects items to purchase. The merchant'spayment system will ask the cardholder to enter his or her paymentinformation. Generally, entry of the payment information should occur ina secure environment, for example, through the use of SSL encryptionprotocol. When the cardholder indicates that he or she is ready tofinalize the transaction, the merchant's payment system invokes the PASmerchant plug-in software module 134. Then as shown by line 1 a, theplug-in software module 134 checks the directory server 128 for thespecific URL of the ACS that may contain the cardholder's PayerAuthentication Number (PAN) to validate that the cardholder is enrolledin the service. Alternatively, the plug-in software module 134 checksits own cache memory that contains this information. The software 134searches for the PAN by formatting a VerifyEnrollmentReq message usingthe cardholder PAN. If not already established, the merchant plug-insoftware 134 will establish a secure connection with and authenticateitself to the directory server 128 or the access control server 114. Themerchant plug-in software 114 will search for a card range entry thatcorresponds to the cardholder PAN at various locations. One place thatis searched is the merchant plug-in software cache of directoryinformation. The merchant plug-in software module can also check thedirectory server and the access control server.

After the merchant plug-in software 114 conducts the search, theVerifyEnrollmentReq message is transmitted to the access control server114 either directly, as shown by line 1 b, or after first passingthrough the directory server 128, as shown by line 1 a. When theVerifyEnrollmentReq message is transmitted to the access control server114 via the directory server 128, the directory server 128 searches fora record corresponding to the cardholder PAN contained in theVerifyEnrollmentReq message. On unsuccessful match, the directory server128 will format a VerifyEnrollmentRes message with no URL value(s) andset the value of Status of PAN Enrollment or VerifyEnfollmentRes-Statusto “N.” The VerifyEnrollmentRes message is then returned to the merchantplug-in software. On the other hand, upon successful match, thedirectory server 128 will, if not already established, establish asecure connection with and authenticate itself to the access controlserver URL. Then, the VerifyEnrollmentReq message is forwarded to theaccess control server URL. If that URL is not available, the merchantplug-in should proceed to the next access control server URL value (ifavailable), and allow for up to a maximum of up to five access controlserver URL's to be searched. Of course, the number of URL's attempted isvariable. If unsuccessful on all attempts, a VerifyEnrollmentRes messageis returned to the merchant plug-in with VerifyEnrollmentRes-Status setto “N” to indicate to the merchant that the purchase transaction cannotbe processed as a PAS transaction.

After the VerifyEnrollmentReq message is received by the access controlserver 114, the access control server accepts the cardholder PAN fromthe VerifyEnrollmentReq message and validates it against the accountholder file 118. The access control server 114 then formats aVerifyEnrollmentRes message. In the case where a successful matchoccurs, the access control server sets the Status of PAN Enrollment to“Y,” creates a single use proxy PAN, which the access control server 114will internally associate with the PAN, and populates the URL field(s)in the VerifyEnrollmentReq message. In the case of an unsuccessfulmatch, the access control server sets the Status of PAN Enrollment to“N.” Then, as shown by line 2 a, the access control server returns aVerifyEnrollmentRes message back to the merchant plug-in through thedirectory server 128. For the case when a VerifyEnrollmentReq message istransmitted directly to the access control server, theVerifyEnrollmentRes message is transmitted directly back to the merchantplug-in as shown in line 2 b.

Caching of the directory server 128 can be facilitated by utilizing aCRReq and CRRes message pair. The CRReq message is sent from themerchant plug-in module to the directory server and requests the list ofparticipating card ranges, in order for the plug-in module to update itscache. The CRRes message is the response containing the participatingranges.

After the issuer access control server returns the VerifyEnrollmentResmessage, the PAS system checks to see if the cardholder client devicehas distributed authentication capabilities by using aQueryCardholderReq and QueryCardholderRes message pair. The merchantplug-in will format and send a query, the QueryCardholderReq message, tothe cardholder client device 122 to determine if a distributed PAScardholder module is resident. Sending of the QueryCardholderReq messageis shown in FIG. 6 by line 3. If any distributed authentication optionsare returned in the QueryCardholderRes message, the merchant plug-inwill communicate directly with the PAS cardholder client software toperform the authenticated steps. Sending of the QueryCardholderResmessage is shown in FIG. 6 by line 4.

If the VerifyEnrollmentRes-Status has a value not equal to “Y,” then themerchant is notified that the purchase transaction cannot be processedas a PAS transaction. However, if the VerifyEnrollmentRes-Status has avalue of “Y,” then the merchant plug-in will format a payment requestmessage, PAReq. The merchant plug-in will send the PAReq message via thecardholder client device browser to the issuer's ACS server, as is shownby line 5.

Additionally, by using the QueryCardholderReq and QueryCardholderResmessages, the VerifyEnrollmentReq and VerifyEnrollmentRes messages maybe eliminated. Cardholder client software could be deployed withissuer's ACS URL embedded in the software. The merchant plug-in willcomplete the QueryCardholderReq and QueryCardholderRes messages first.If PAS cardholder client software is detected, the Payer AuthenticationRequest (PAReq) message could be sent to the ACS or the cardholderclient software without having to conduct the VerifyEnrollmentReq andVerifyEnrollmentRes messages.

After the merchant plug-in passes the Payer Authentication Request(PAReq) to the issuer's ACS, the ASC displays a window to thecardholder. The window displays the payment details contained in thePayer Authentication Response (PARes) in addition to other items suchas: a Issuer's logo, a service organization mark or brand logo, merchantname, merchant location (URL), total purchase amount and currency,purchase date, card number, installment/recurring payment terms, orderdescription or link to description, special terms and conditions of saleor link to this information, personal assurance message (PAM), andprompt for the cardholder's password.

The ACS will then prompt the cardholder to enter the appropriatepassword. The ACS accepts the cardholder input and validates it againstthe account holder file 118. The PAS will allow, for example, a numberof unsuccessful attempts (e.g., three attempts) to enter the correctpassword. Of course, the number of attempts allowed can be varied. Afterthe final unsuccessful attempt, the PAS will display the hint question.The cardholder will need to enter the correct hint question response.The hint question associated with the cardholder is then displayed. Thecardholder is provided at least one attempt to enter the correctresponse. If the cardholder provides an incorrect response, merchant canbe notified that PAS transaction cannot be completed. If the cardholderprovides the correct response, the transaction should be treated as ifthe password was matched. Note, if there is more than one entry for anaccount number, the various cardholder names are displayed in a dropdown window. The cardholder can then select his or her name.

Upon matching of the password, the ACS generates and digitally signs apayment response message, PARes. The ACS also generates and sends aSaveReceipt message to the receipt file 130 and receipt manager 131, asis shown by line 7. As shown by line 7 a, the SaveReceipt message mayalso be passed from the receipt file 130 to the issuers authorizationand settlement system 138 to allow the issuer to match up the paymentauthorization request with the payer authenticated transaction in realtime. Sending the SaveReceipt message to the issuers authorization andsettlement system 138 allows the issuer to determine simultaneously ifthe authorization request is for an authenticated purchase. The ACS willthen re-direct the signed PARes back to the merchant server plug-in, asis shown by line 6.

After signed PARes is transmitted back to the merchant plug-in, theplug-in is reactivated. If the authentication status is a “Y,” theplug-in sends the PARes to the validation server 136. In the case thatthe validation server functions are provided by the merchant plug-in,the merchant plug-in validates the PARes signature and returns theresult of the signature validation. If the signature cannot bevalidated, the merchant plug-in will notify the merchant the transactioncannot be treated as a PAS transaction. If the authentication status isa “N,” the merchant should send a prompt to the cardholder asking foradditional information, request the cardholder to use a differentpayment card or form of payment, or process the payment transaction as anon-authenticated payment transaction.

In the case that the acquirer domain 106 contains a validation server,the validation server 136 validates the signature on the PARes. Thevalidation server 136 then returns the result of the signaturevalidation to the merchant plug-in. If the signature cannot bevalidated, the merchant plug-in notifies the merchant that thetransaction cannot be treated as a PAS transaction. On the other hand,if the signature is validated, the merchant proceeds with anauthenticated payment authorization. The PARes message may also bepassed from the merchant to its acquirer payment processor 140 as shownin line 6 a. The PARes message may then be passed from the acquirerthrough a telecommunications network 142 to the issuer. Thus, the payerauthentication results are made available to the issuer as part of thestandard payment authorization process.

Now the security issues related to the various channels of transmissionwill be discussed. As a base-line, all the channels of transmission arepreferably encrypted using 128-bit SSL. The channel between thecardholder and the merchant includes two channels. The merchant shouldsecure the connection that is used when the cardholder enters thepayment information by using an SSL certificate obtained from a serviceorganization-approved certificate authority. The merchant should alsosecure the connection used to transport the PARes message from thecardholder to the merchant plug-in by using an SSL certificate obtainedfrom a service organization-approved certificate authority.

The channel between the cardholder and the ACS should be encrypted bythe ACS by using an SSL certificate obtained from a serviceorganization-approved certificate authority. This channel is used fortwo purposes. First to send the PAReq message from the merchant plug-into the ACS, and secondly to send the signed PARes message from the ACSto the cardholder.

The channel between the cardholder and the enrollment server should beencrypted by the enrollment server using an SSL certificate obtainedfrom a service organization-approved certificate authority. This channelis used to accept the cardholder enrollment information.

The channel between the merchant and the directory server, and betweenthe directory server and the ACS server should be secured through aservice organization-issued SSL encryption certificate in order toprotect the PAN data contained in the VerifyEnrollmentReq andVerifyEnrollmentRes messages and the ACS URL address contained in theVerifyEnrollmentRes message.

The channel between the ACS to the cardholder should be encrypted toprotect the prompt for the cardholder's password and the cardholderentered password. This channel should be protected with an SSLcertificate obtained from a service organization-approved certificateauthority.

Centralized and Distributed Architecture Embodiments

FIGS. 7 and 8 illustrate a centralized architecture and FIGS. 9 and 10illustrate a distributed architecture. FIGS. 7-10 also show thesuperimposed representations of the message flows during both theenrollment and payment processes.

FIG. 7 illustrates the message flows on the centralized PAS architectureaccording to one embodiment of the present invention. As previouslymentioned, the centralized approach requires no software or data to bestored on the cardholder's system and the cardholder's password isstored at a central data storage site (AHF). The centralizedarchitecture 700 consists of a cardholder client device, for example, apersonal computer (PC) 702, and the PAS 704. The cardholder clientdevice 702 supports an Internet browser 706 that allows the cardholderto access PAS. PAS 704 includes at least an enrollment server 708. Thevarious other components of the PAS system have not been illustrated sonot to unnecessarily complicate the representation of the centralizedarchitecture. The centralized enrollment process begins at step 1 whenthe cardholder goes to the bank Internet site and the specificenrollment page to register with PAS. In response to the cardholdersinquiry, in step 2, the enrollment server 708 presents the cardholderwith authentication questions. In step 3, the cardholder answers theauthentication questions and provides the required password.

The enrollment server then validates the answers through a validationprocess in step 4. The result of the validation process is returned tothe enrollment server 708 in step 5. At step 6, databases and directoryservers are updated. At step 7, the cardholder is informed whether ornot his or her registration has been confirmed.

FIG. 8 illustrates the centralized payment flow that occurs between thecardholder client device 702, PAS 704, and the merchant system 720,according to one embodiment of the present invention. In FIG. 8, PAS 704is shown to include a directory server 710, the ACS server 712, and areceipt database 714. The merchant server includes a storefront softwareprogram 722, a PAS provided merchant plug-in software module 724, and apayment system 726. The centralized payment flow begins when thecardholder shops at the merchant's electronic commerce web site at step1. When the cardholder begins the checkout process, step 2 shows thatthe merchant plug-in module 724 checks to see if the cardholder has beenenrolled in the directory server 710. If the cardholder is enrolled, thedirectory server returns the URL address of the issuer's ACS server tothe merchant plug-in. At step 3, the merchant plug-in module 724 sends aPAReq message to the ACS 712. In response to the PAReq message, thecardholder eventually enters his or her password. Assuming the passwordis validated successfully by the ACS server, in step 4, a digitallysigned PARes message is sent to the merchant plug-in module from the ACS712 informing the merchant that the transaction is authenticated. Thestatus of the transaction is sent to the payment system 726 in step 5.To conclude the transaction, in step 6, the merchant's storefrontsoftware 722 sends the payment data to the payment system.

FIG. 9 illustrates the enrollment flow in the distributed PASarchitecture according to one embodiment of the present invention. Aspreviously mentioned, the distributed architecture stores softwareand/or data on the cardholder's system. In the distributed approach,merchants determine a cardholder's participation in the PAS through amechanism within the PAS cardholder module on the cardholder clientdevice. The distributed architecture 900 includes at least thecardholder client device 902, which includes an Internet browser 904,and PAS 906, which includes an enrollment server 908. Note that in thedistributed approach, there is no directory server. The enrollmentprocess begins when a cardholder goes to the bank specific Internetenrollment page to register with PAS in step 1. In step 2, thecardholder is presented with authentication questions. In step 3, thecardholder returns answers to the authentication questions to theenrollment server 908. The cardholders answers are validated in step 4through a validation process. The results of the validation process arereturned to the enrollment server 908 in step 5. If the cardholder isvalidated, then a cardholder software module 910 and a certificate areprovided to the cardholder in step 6. These are down-loaded across theinternet from the enrollment server.

FIG. 10 illustrates the payment flow in the distributed PAS architectureaccording to one embodiment of the present invention. The merchantmodule 950 includes the storefront software 952, the merchant plug-insoftware module 954 and the payment system 956. The payment processbegins, as usual, in step 1 when a cardholder shops and proceeds tocheckout at a merchant's electronic commerce web site. In step 2 themerchant checks to see if the cardholder software module 910 is presentin the cardholder's client device. If the cardholder software module 910is present, the merchant module 954 sends a PAReq message to thecardholder software module 910, rather than an ACS as in the centralizedarchitecture. The cardholder PAS software module, which knows theinternet URL address of its issuer's ACS server, passes on the PAReqmessage to the ACS server. The ACS server dialogs with the cardholdermodule to ask the cardholder for his password. If the password suppliedby the cardholder compares equal to the password for the same cardholderon the AHF, the cardholder is authenticated. Then the ACS serverresponds with the PARes message to the merchant module in step 4. Thestatus of the authentication process and the associated data is sent tothe payment system 956 in step 5. A receipt of the transactions is sentto the receipt database 960 in step 6. To conclude the transaction andthe payment data are sent to the payment system from the storefront instep 7.

Chip Card Embodiment

A chip card embodiment of the Payer Authentication Service (PAS)involves a cardholder using an integrated circuit card (also known as achip card or a smart card) and a chip card reader. The chip cardembodiment adds another level of authentication in an online purchasetransaction. Where the previously described PAS provides the ability toauthenticate the identity of the cardholder in an online purchase, thechip card embodiment of PAS also provides the ability to authenticatethat the cardholder actually has possession of his or her chip card.There are a variety of methods that can be used to validate theauthenticity of the chip card. One approach is to use a secret generatedby the chip, which can then be validated by the issuer's ACS.

The chip card embodiment can also use the PAS to authenticate thecardholder as described previously in this document in addition theauthenticating the card. Two techniques may be used to provide the PASpassword to the ACS. In a first technique, the chip card credit anddebit application of the chip card prompts the cardholder to type intheir PAS password. The cardholder enters in the password in a similarway as described previously. The password is then forwarded to the ACS.

In a second technique, the PAS password is automatically supplied to theACS by the chip card. This technique uses passwords stored on the chipcard to authenticate the cardholder in order to allow the cardholder toutilize the chip card. This approach uses an applet resident on the cardreferred to as the “Access” applet, because it provides universal accessto the card and its resident applications, and can be used toauthenticate a cardholder. The Access applet can also disable access tothe applications on the card. Upon presentation of the single, universal“Access” password and authentication of the cardholder, the Accessapplet then allows the cardholder to access to a variety of services orapplications (e.g., access to an online banking site, access to anelectronic bill payment service). For example, by presentation of asingle “Access” password, the applet then allows use of any storedpasswords on the card.

Generally, the set up procedures and the authentication process for thechip card embodiment are the same as for the traditional cardembodiment. The differences between the chip card embodiment and thetraditional card embodiment will be evident in the description thatfollows.

The chip card embodiment of the PAS will be described relative to eachof FIGS. 10A, 11, 12, 12A and 13. FIG. 10A illustrates one embodiment ofthe chip card payer authorization service architecture. FIG. 11 providesa general description of the PAS chip card and cardholder authenticationin an authenticated payment transaction. FIG. 12 illustrates acombination of a system architecture layout along with superimposedprocess flows. FIG. 12A illustrates a more detailed flow of messagesduring a payment transaction using a payer authentication service with achip card. Finally, FIG. 13 is used to illustrate a different embodimentof the chip card payer authentication system. Specifically, FIG. 13illustrates the chip card embodiment with an added feature of the Accessapplication that is used to control access to the various applicationsthat may be on a chip card.

FIG. 10A provides a high-level system architecture view of oneembodiment of the chip card payer authorization service. As usual, thepayment transaction begins when the cardholder accesses a merchant'selectronic commerce web site using a cardholder client device 122. Thecardholder client device 122 contains a chip payer authentication clientplug-in 1542 and is connected to the issuer access control server 114,which has a chip payer authentication ACS plug-in 115. The issuer ACS114 is connected to an account holder file 118, which is in turnconnected to a receipt file 130. The merchant 132 uses a merchantplug-in software module 134 to participate in the payer authenticationservice. The merchant 132 is connected to the directory server 128, thevalidation server 136, and the acquirer payment processor 182. Theacquirer payment processor 182 is connected to the payment network 126,which is in turn connected to the issuer 180.

FIG. 11 illustrates a flow chart that provides a general description ofa payment transaction using the chip card system. The paymenttransaction begins at block 1100 when a cardholder shops at an onlinemerchant web site and desires to conclude the shopping experience at thecheckout web page. In block 1110, the PAS verifies that the cardholderis a PAS registered participant, for example, after the cardholderclicks the “buy” button. Then in block 1120, the merchant plug-in modulesends a PAReq message to the associated access control server, whichleads to block 1130 where the access server via the PAS cardholdermodule in the cardholder client device verifies that the cardholderclient device includes a chip card reader. If the cardholder does nothave a chip card reader, then the payment transaction is either ended oranother payment method must be used.

If the cardholder client device has a chip card reader, then in block1140 the consumer is directed to insert his or her chip card into thechip card reader. In block 1150, the cardholder module in the cardholderclient device requests the chip card to generate a cryptogram based uponsecret information contained in the chip card. Also, in block 1160, thecardholder is requested to enter his or her registered PAS password. Inblock 1170, the chip card generated cryptogram and the cardholderentered password are both sent to the ACS for authentication.

At block 1180, the ACS validates the PAS password in methods similar tothose described for the non-chip card PAS system described previously asin FIG. 4. The ACS also independently generates another copy of thecryptogram for this chip card using information in the variouscomponents of the ACS server—see FIG. 12. If the PAS password matches,then the identity of the cardholder is authenticated. At block 1190, ifthe cryptograms generated by each the chip card and the ACS arematching, then it is verified that the actual chip card is being used bythe cardholder. At block 1195, a payment response message is sent backby the ACS to the merchant plug-in software module. The payment responsemessage contains a card authorization verification value (CAVV), toinform the merchant that the cardholder has been authenticated and thatthe actual card is being used at the cardholder client device is theproper card. The purchase transaction then proceeds as was describedpreviously.

Now, FIG. 12 is presented to illustrate payment process flows that aresuperimposed upon a chip card system architecture according to oneembodiment of the present invention. The chip card authenticationarchitecture 1500 involves the cardholder client device 1510, theissuer's ACS 1520, the cardholder 1530, the chip card 1540, and therequesting party 1550. The requesting party in the PAS environment istypically the merchant. The cardholder client device 1510 includes adisplay device 1512, terminal software 1514, PIN pad or key entry device1516, and the card reader 1518. The card reader 1518 is theelectromechanical device into which a chip card is inserted for use witha terminal application, functionally equivalent to a Card AcceptanceDevice or InterFace Device (IFD in a physical point of saleenvironment).

The ACS 1520 includes PAS authentication software 1522, a hardwaresecurity module 1524, the cardholder database 1526, and system software1528. The chip card 1540 includes a chip card credit and debitapplication 1542 such as the Visa Smart Debit Credit Application (VSDC).It should be appreciated that a general debit and credit application canbe utilized in situations where the VSDC application is mentioned in thepresent specification.

The requesting party 1550 is the merchant associated with a particularpayment transaction. The issuer server 1520 is the ACS operated by anissuer or a third party on behalf of an issuer capable of validating achip card's cryptogram. It acts as the interface between the requestingparty 1550 and the cardholder client device 1510. The cardholder clientdevice 1510 is a system of components and software that acts as aninterface among the cardholder 1530, the chip card 1540 and the issuer'sACS 1520 such as a personal computer, a mobile phone, a set top box orany other device or collection of functionally comparable components.

The cardholder 1530 is a party who is usually in control of thecardholder client device 1510 and capable of performing functions likeinserting a card, entering a PIN or checking to see whether componentsof the cardholder client device 1510 are properly operational. Chip card1540 is a payment card from an issuer that contains the chip card creditand debit application 1542, for example Visa Smart Debit CreditApplication.

Referring to the numbered circles in FIG. 12, which correspond toordered process steps, the following is a brief scenario describing whathappens during chip card payment authentication processing. In step 1, arequesting party such as a merchant, determines that chip cardauthentication is required and calls upon the issuer ACS to do it.

In step 2, the issuer's ACS, having obtained the primary account number(PAN) for the card to be authenticated from the pay request messagesends a message called the VSDC Authentication Request to the cardholderclient device.

In step 3, the cardholder client device, acting in response to therequest from the issuer's ACS attempts to authenticate the card. Firstit determines whether the necessary components are present andoperational. Then, by putting a message on the display, the cardholderclient device requests the cardholder to insert the chip card to beauthenticated into the card reader.

In step 4, the cardholder responds by inserting the chip card in thecard reader which generates a message to the cardholder client deviceinforming it the card has been inserted, or depending upon howsophisticated the card reader is, the cardholder client device may needto poll the card reader using the path numbered 5 to determine whetherit is now able to read the card.

In step 5, the cardholder client device initializes the chip card andthe VSDC application on the chip card and then communicates with them todirect the return of a cryptogram from the chip card for latervalidation.

In step 6, in the course of communicating with the chip card severalexchanges occur. The chip card may request that the cardholder to entera PIN. If so then the cardholder client device notifies the cardholderto enter a PIN via a PIN pad or other key entry device.

In step 7, while sending messages (commands) and receiving responsesfrom the card in steps 5 and 6, the cardholder client device wasgathering the information necessary to compose the VSDC AuthenticationResponse which it now sends to the issuer's ACS. The Access Controlserver using information provided in the VSDC Authentication Responsemessage attempts to authenticate both the cardholder via his passwordand the chip card via its cryptogram.

In step 8, the issuer's ACS replies via a payment response message tothe merchant or requesting party with the results of the cardholder andchip card authentication processes.

The principal functional capabilities of each entity in the VSDCAuthentication service will now be described. The requesting party (ormerchant) functions to signal or trigger the issuer's ACS to initiatechip card VSDC Authentication processing, provides the issuer ACS withthe necessary data to perform VSDC Authentication, and uses the resultof VSDC Authentication provided by the issuer's ACS.

The issuer's ACS functions to securely store cryptographic keys neededfor cryptogram validation, to collect the necessary data to perform VSDCAuthentication processing, to initiate VSDC Authentication processing bysending the VSDC Authentication Request message to the cardholder clientdevice software, to validate the cryptogram sent from the chip card viathe cardholder client device in its attached Hardware Security Module(HSM), and to provide the result of the validation of the cryptogram torequesting party or merchant via the payment response message.

The cardholder client device functions to communicate with the issuerACS, to receive the VSDC Authentication Request message, to communicatewith the cardholder for card insertion/removal and PIN entry, tocommunicate with the chip card, to send necessary data for VSDCAuthentication to the chip card, to receive necessary data for VSDCAuthentication from the chip card, to receive the cryptogram from thechip card, and to send the card generated cryptogram to the issuer ACS.The cardholder client device also requests the cardholder to enter hispassword and passes the entered password to the ACS.

The cardholder functions are that he or she inserts the chip card intothe card reader, determines whether the chip card environment is ready,enters the PIN, removes the chip card from the card reader, and entershis or her password.

Detailed Message Flow Example

FIG. 12A illustrates a detailed flow of messages between the chip card1540, the cardholder client system 1510, and the issuer's access controlserver 1520. This flow of messages defines the manner in which chip cardpayment authentication processing is performed. The flow of messages isorganized in a top-down manner that progresses through the phases of theauthentication process.

This section (an explanation of message flow) briefly describes thephases of the VSDC Authentication processing in the order in which theyoccur as illustrated in FIG. 12A: VSDC Authentication Request(4.2.1.1)—the issuer's ACS starts the VSDC Authentication processing;Initiation (4.3.2.1)—the cardholder client device software prompts thecardholder to insert the chip card into the card reader; ApplicationSelection (4.3.2.2)—the cardholder client device software selects a VSDCapplication from the chip card; Application Initiation (4.3.2.3)—thecardholder client system device and the chip card initiate VSDCAuthentication processing; Read Application Data (4.3.2.4)—thecardholder client system device reads the application data from the chipcard; Cardholder Verification (Optional) (4.3.2.5)—the cardholder clientdevice software performs offline PIN verification to authenticate thecardholder; Terminal Action Analysis (4.3.2.6)—the cardholder clientsystem device requests the chip card to generate the cryptogram;Completion (4.3.2.7)—the cardholder client device software completes andterminates the processing for VSDC Authentication; and VSDCAuthentication Response (4.2.1.2)—the cardholder client device softwarereturns the cryptogram and the other data to the issuer's ACS server.

Now the message and processing flow details and the functions involvedin generating the flow between the cardholder client device software andthe chip card will be described.

VSDC Authentication Request (4.2.1.1) is the message that delivers thenecessary data from the issuer access control server to the cardholderclient device software to invoke the cardholder client device softwareto start VSDC Authentication processing. This message contains thenecessary data for the chip card to generate a cryptogram.

The issuer's ACS preferably should obtain or generate the necessary datalisted here: Amount Authorized; Application Identifier; ApplicationLabel (of VSDC application); Application Preferred Name; TerminalCountry Code; Transaction Currency Code; Transaction Date; TransactionType; and Unpredictable Number. The source of these data variesdependent on the authentication environment within which VSDCAuthentication is working. The issuer's ACS preferably should constructa VSDC Authentication Request to deliver these data to the cardholderclient device software. This message preferably should invoke thecardholder client device software to start the processing between thecardholder client device software and the chip card. The cardholderclient device software preferably should start the initiation process.

VSDC Authentication Response (4.2.1.2) is the message that delivers thecryptogram and the other supporting data from the cardholder clientdevice to the issuer's ACS. VSDC Authentication Response message is alsoused to deliver the status code when errors and exceptions occur duringVSDC Authentication processing. The VSDC Authentication Response messageis also used to provide the access control server with the cardholder'spassword.

The cardholder client device software preferably should obtain all thenecessary data described in the Table 1 below. The cardholder clientdevice software preferably should construct a VSDC AuthenticationResponse message to deliver these data to the issuer's ACS server.

TABLE 1 Data Element Source Cryptogram From the first GENERATE ACresponse message. Derivation Key Index From the first GENERATE ACresponse (DKI) message. (DKI is a component of issuer Application Data.)Cryptogram Version From the first GENERATE AC response Number message.(Cryptogram Version Number is a component of issuer Application Data.)Application Interchange From the GET PROCESSING OPTIONS Profile (AIP)response message. Application Transaction From the first GENERATE ACresponse Counter (ATC) message. Card Verification Results From the firstGENERATE AC response (CVR) message. (CVR is a component of issuerApplication Data.) Terminal Verification From the cardholder clientdevice software. Results (TVR) PAN Sequence Number From the READ RECORDresponse message. Status Code From the cardholder client devicesoftware. Reserved for future use 1 Filled by “00000000000000000000”Reserved for future use 2 Undefined format and content, 10 bytes.

The issuer's ACS server preferably should retrieve the data from theVSDC Authentication Response and validate both the cryptogram and thecardholder's password. The issuer's ACS server receives the VSDCAuthentication Response containing status codes when errors orexceptions occur and when processing completes successfully between thecardholder client device software and the chip card. The issuer's ACSserver may store the data from the cardholder client device software topermit the issuer to use that information to analyze the processing thatoccurred between the chip card and the cardholder client device softwareand to respond to inquiries from cardholders when errors and exceptionoccurs.

There is an optional process at the issuer ACS. If the authenticationenvironment requests, the issuer ACS may need to send the result of theauthentication to the merchant or requesting party. In someenvironments, the issuer ACS may send an indication that a cryptogramauthentication has occurred and whether it was successful. Note that theVSDC Authentication Response is always sent even if the cardholderclient device software terminates prematurely due to errors or othercauses.

The description will now cover the message flow and the functionsinvolved in generating the flow between the VSDC application on the chipcard and the cardholder client device software. First, an overview ofprocessing flow of cardholder client device software functions to thechip card message flow is provided. The functions are those ofinitiation, application selection, application initiation, readapplication data, cardholder verification, terminal action analysis, andcompletion.

Initiation describes how the cardholder client device software assuresthat the chip card is inserted into the card reader and is ready for theprocess. Application Selection describes how the cardholder clientdevice software proceeds to select the VSDC application on the chip cardfor VSDC Authentication processing. Application Initiation describes howthe cardholder client device software initiates the VSDC application onthe chip card. Read Application Data describes how the cardholder clientdevice software reads the VSDC application data from the chip card.Cardholder Verification describes how the cardholder client devicesoftware performs cardholder verification. Terminal Action Analysisdescribes how the cardholder client device software requests the chipcard to generate the Cryptogram. Completion describes how the cardholderclient device software terminates the chip card processing and ends itsprocessing.

A detailed explanation of each flow and message will now be given.

The Initiation phase (4.3.2.1) comprises two sub-phases. One isInitiation for the Card Environment on the Cardholder Client Device(4.3.2.1.1) and the other is Initiation for the Chip Card (4.3.2.1.2).The cardholder client device software preferably should assure to theextent possible in the environment that the card reader and anyassociated device support software necessary to enable it are ready forcard insertion. If the card environment is not ready, the cardholderclient device software preferably should communicate with the Cardholderto verify that conditions at the cardholder client device are correctlyset up. Communication with the cardholder might include asking suchquestions as whether the card reader is properly attached, whether thepower is on, and whether the correct version of card reader driversoftware is installed. The cardholder client device software mayterminate the VSDC Authentication processing if it determines that thecard environment cannot be made ready. When the cardholder client devicesoftware terminates processing it preferably should skip all succeedingphases and return the VSDC Authentication Response message to the issuerService with an appropriate status code.

If the sub-phase Initiation for the Chip Card (4.3.2.1.2) fails, controlmay return to this sub-phase whereupon the cardholder client devicesoftware prompts the cardholder to insert the chip card. The cardholderclient device software may terminate VSDC Authentication processing if,after it requests card insertion and returns again to Initiation for theChip Card, the chip card subsequently fails to respond. When thecardholder client device software terminates VSDC Authenticationprocessing, it preferably should skip all the succeeding phases andpreferably should send the VSDC Authentication Response message to theissuer ACS with an appropriate status code.

In the sub-processing phase Initiation for the Chip Card the cardholderclient device software communicates with the chip card to determinewhether it is ready for processing. The cardholder client devicesoftware preferably should reset the chip card. The chip card returns anAnswer To Reset (ATR) to the cardholder client device software, or thechip card fails to return an ATR. When the cardholder client devicesoftware receives ATR, it proceeds to the next phase, ApplicationSelection (4.3.2.2). When the chip card does not return ATR within atime established by standards, the cardholder client device software mayreturn to Initiation for Card Environment on Cardholder Client Device(4.3.2.1.1) or it may terminate VSDC Authentication processing. When thecardholder client device software terminates VSDC Authenticationprocessing, it preferably should skip all the succeeding phases andpreferably should send the VSDC Authentication Response message to theissuer server with an appropriate status code.

Application Selection (4.3.2.2) is the processing phase in which thecardholder client device software selects the VSDC application from thechip card. The process at the cardholder client device software includesthe following steps:

(a) The cardholder client device software preferably should performApplication Selection;

(b) To comply with security requirements, cardholder client devicesoftware preferably should use only the Explicit Selection Method,sending the SELECT commands with the AID (Application ID) as supplied inthe VSDC Authentication Request;

(c) If the response to the first SELECT command returns an AID with nosuffix, then there is only one instance of the application for therequested AID on the card. Processing continues with step g) below;

(d) If the response to the first SELECT command returned an AID with asuffix indicating there are multiple instances of the application forthe requested AID on the card then processing continues with step e)through step g) below;

(e) By issuing successive SELECT commands using the AID (as supplied inthe VSDC Authentication Request) until the card indicates there are noadditional instances of applications for the requested AID to bereturned. As each AID is returned the cardholder client device softwareconstructs a list of AIDs along with the corresponding Application Labeland Application Preferred Name for each AID;

(f) Using the Application Label and the Application Preferred Name assupplied in the VSDC Authentication Request the cardholder client devicesoftware searches the list constructed in the prior step for a match.The SELECT command is issued to the card using the AID of the matchedlist entry. If no match is found, the appropriate status code is set forreturn in the VSDC Authentication Response as indicated in “Exceptionhandling” below;

(g) Application Selection for the cardholder client device software iscomplete. Either there was a single eligible application on the card andit was selected in step c) above, or, it has been determined amongmultiple eligible applications which one to select in step f) above; and

(h) When the cardholder client device software and the chip card supportmultiple applications in addition to VSDC, it is the issuer'sresponsibility to decide which and in what sequence other applicationsare to be executed.

The chip card performs Application Selection.

Exception handling: if the VSDC application is not found, the cardholderclient device software preferably should terminate VSDC Authenticationprocessing. When the cardholder client device software terminates VSDCAuthentication processing, it preferably should skip all the succeedingphases and preferably should send VSDC Authentication Response to theissuer server with an appropriate status code.

Application Initiation (4.3.2.3) is the processing phase during whichthe cardholder client device software signals to the chip card thattransaction processing is beginning. The cardholder client devicesoftware preferably should initiate the application. The cardholderclient device software preferably should send the GET PROCESSING OPTIONScommand to chip card to initiate the VSDC application. The chip cardresponds to the GET PROCESSING OPTIONS command. The cardholder clientdevice software preferably should store the Application InterchangeProfile that will be used in later phases to construct the VSDCAuthentication Response. Enforcing geographical restrictions is one ofthe optional functions of the VSDC application. When the chip cardresponds to the GET PROCESSING OPTIONS command with an error code thatindicates the conditions of use are not satisfied, the VSDCAuthentication processing must be terminated.

If the card terminates the transaction then the cardholder clientsoftware device preferably should skip all the succeeding phases andpreferably should send the VSDC Authentication Response message to theissuer server with an appropriate status code. Note: It is the issuer'sresponsibility to decide what action to take after termination of VSDCAuthentication processing. Such decisions and consequent actions areoutside the scope of this document.

Read Application Data (4.3.2.4) is the processing phase in which thecardholder client device software reads the records of VSDC applicationfiles on the chip card. The cardholder client device software preferablyshould read the VSDC application data. The cardholder client devicesoftware preferably should send READ RECORD commands to retrieve thenecessary data from the VSDC application. The cardholder client devicesoftware preferably should retain the value of the PAN Sequence Numberfor later use in composing the VSDC Authentication Response. The VSDCapplication responds to the READ RECORD commands.

Cardholder Verification (4.3.2.5) is the phase of processing in whichthe cardholder client device software may verify the cardholder by usingan offline PIN verification method. Note that Cardholder Verificationmust be implemented in compliance with appropriate Visa securityguidelines. The conditions of execution phase is conditional, i.e.,required only when cardholder Verification is implemented and availableon the card and in the cardholder client device software. The cardholderclient device software preferably should verify the cardholder using theOffline Plaintext PIN Verification method. Neither the OfflineEnciphered PIN Verification method or the Online PIN verification issupported. The chip card performs Offline Plaintext PIN Verification. Inresponse to the first GENERATE AC command, the chip card provides theresult of the offline PIN verification in the CVR.

Terminal Action Analysis (4.3.2.6) is the phase of processing in whichthe cardholder client device software requests the chip card to generatea Cryptogram, which will be sent to the issuer server for validation.The cardholder client device software preferably should perform TerminalAction Analysis. The cardholder client device software preferably shouldassume the role of the “merchant POS terminal” described therein andbehave just like that terminal with the following exceptions:

a) Issuer Action Code and Terminal Action Code Processing—the cardholderclient device software preferably should not compare the TerminalVerification Results to the chip card's issuer Action Codes or toTerminal Action Codes; and

b) GENERATE AC Command the cardholder client device software preferablyshould construct the GENERATE AC command by requesting only ARQC, i.e.,must not request AAC or TC during Terminal Action Analysis.

Terminal Verification Results values is a record of the outcome of thevarious application functions performed by the cardholder client device.Different from the standard VSDC processing at POS terminal, some of thevalues are static for VSDC authentication. The values to be assigned tobits that are static are indicated below. Bits whose values are to bedynamically set, will be set by the cardholder client device during thecourse of the VSDC Authentication processing. The chip card produces acryptogram.

Completion (4.3.2.7) is the processing phase in which the cardholderclient device software terminates the processing of the chip card. Thereis a process variation: the cardholder client device software processingpreferably should vary based upon the GENERATE AC response message. Thecardholder client device software preferably should perform Completion.The VSDC application provides the chip card with the authority todecline transactions offline (AAC) even if the cardholder client devicesoftware issues the first GENERATE AC command for an onlineauthorization (ARQC). Therefore the client cardholder device softwareshould expect that the chip card will return either an ARQC or AACduring VSDC Authentication processing. To determine whether the outcomeof the GENERATE AC is an ARQC or AAC the issuer ACS can check the CVR.

VSDC Authentication preferably should continue processing even thoughthe response from the chip card is Offline Decline (AAC). Processing cancontinue because even though the response indicates declined, thereturned cryptogram can nonetheless be used for card authentication.VSDC Authentication requires the cryptogram for card authenticationregardless of the type of the cryptogram.

This sub-section describes the processing flow when the chip cardreturns an Authorization ReQuest Cryptogram (ARQC), i.e., the Cardresponse is ARQC (4.3.2.7.1). For VSDC Authentication, such aninterpretation is not relevant because an authorization will not berequested and VSDC Authentication is always an “online” process. Theobjective of issuing the GENERATE AC command is to cause the card toreturn a cryptogram for validation. After receiving the first GENERATEAC response with ARQC from the chip card, the cardholder client devicesoftware preferably should perform the following:

The cardholder client device software preferably should keep only thecryptogram and no other data except for the following data elements sentfrom the chip card in order to send them to the issuer server; see Table2.

TABLE 2 Data Element Source Cryptogram From the first GENERATE ACresponse message. Derivation Key Index From the first GENERATE ACresponse (DKI) message. (DKI is a component of issuer Application Data.)Cryptogram Version From the first GENERATE AC response Number message.Cryptogram Version Number is a component of issuer Application Data.Application Transaction From the first GENERATE AC response Counter(ATC) message. Card Verification Results From the first GENERATE ACresponse (CVR) message. (CVR is a component of issuer Application Data.)

The cardholder client device software preferably should storeinformation necessary for subsequent phases to prepare and send the VSDCAuthentication Response. Then, the cardholder client device softwarepreferably should issue the final GENERATE AC command to the chip cardas if the online authorization response would indicate transactionunapproved by the issuer. It means that the cardholder client devicesoftware requests an AAC. Note that there are no authorizationrequest/response messages in VSDC Authentication processing.

The source of data listed in CDOL2—The Data Elements—which thecardholder client device software transmits to the chip card in the datafield of the final GENERATE AC command, preferably should be obtainedfrom the sources indicated in the Table 3 below.

TABLE 3 Data Element Source Amount, Authorized From Network-based VSDCAuthentication Request message Amount, Other From Network-based VSDCAuthentication Request message Terminal Country Code From Network-basedVSDC Authentication Request message Terminal Verification From thecardholder client device software Results (TVR) Transaction CurrencyFrom Network-based VSDC Code Authentication Request message TransactionDate From Network-based VSDC Authentication Request message TransactionType From Network-based VSDC Authentication Request messageUnpredictable Number From Network-based VSDC Authentication Requestmessage

The chip card returns the response to the final GENERATE AC command withAAC.

The cardholder client device software preferably should ignore aresponse from the chip card to the final GENERATE AC command. Thecardholder client device software preferably should comply with securityrequirements by clearing from its memory extraneous data received fromthe chip card. Note: It is assumed that by this time all prior unuseddata from previous phases have been cleared in compliance with securityrequirements.

This sub-section describes the processing flow when the chip cardreturns an Application Authentication Cryptogram (AAC), i.e., the Cardresponse is AAC. For VSDC Authentication, such an interpretation is notrelevant because an authorization was not requested. The objective ofissuing the GENERATE AC command is to cause the card to return acryptogram for authentication of the chip card.

After receiving the AAC in the response to the first GENERATE AC commandfrom the chip card, the cardholder client device software preferablyshould perform the following functions. The cardholder client devicesoftware preferably should keep the cryptogram and the other informationsent from the chip card in order to send them to the issuer ACS. Thecardholder client device software preferably should prepare to send VSDCAuthentication Response. The cardholder client device softwarepreferably should clear all the data received from the chip card in allphases.

Chip Card Embodiment with Access Application

Now that the description of the message flows in FIG. 12A has beencompleted, an embodiment of the chip card device utilizing an Accessapplication will now be presented.

The additional embodiment of the chip card system involves an Accessapplication that can optionally be used as an extra feature of the chipcard system. The Access application is used to control access to thechip card and the multiple applications that may reside on the chipcard. The Access application can be referred to as the “Accessapplication or applet.” The Access application controls access to theother applications resident upon the chip card. In this manner, theAccess application is able to verify the identity of the personattempting to utilize the chip card and its associated applications. Ifthe person attempting to use the chip card enters the correct useridentification number or string, and a password, then it is presumedthat an authorized person is about to use the chip card. In this case,the Access application unlocks all of the applications on the chip cardso that they may be used. In addition to unlocking the applications, theAccess application can make the passwords for the applications on thechip card available for use. In some embodiments of the Accessapplication, only a select number of the applications will be unlockedafter entering the correct information in response to the Accessapplication.

There are numerous references to the passwords or secret values that thecardholder enters and/or the issuer ACS checks. As shown in Table 4,secrets #1, #2, and #3 are different values (and none of the three is afinancial ATM or POS PIN).

TABLE 4 Passwords and Secret Values Secret #1 A cardholder-definedpassword to enable access to the chip card Access application forchip-based payer authentication. In some embodi- ments, secret #1 allowsan access program on a smart card to open all the applications on asmart card, including the PAS application. Secret #2 An issuer-definedpassword returned by the chip card Access application to enable the ACSto validate the cardholder for chip-based payer authentication. Thecardholder is not required to know this password since it isautomatically used to open applications on the smart card. Secret #3:The password used in the non-chip card embodiment of PAS (the coresystem). The cardholder-defined password to enable the ACS to validatethe cardholder. This password or secret can also be used to validate thecardholder when chip card access is not available on the card.

FIG. 13 illustrates a system diagram of the components utilized in thepayer authentication service using the chip card and a universal Accessapplication. The system diagram of FIG. 13 shows the chip card 1540, thechip card reader 1518, the cardholder client device 122, the accesscontrol server 114, and a database 1240. The chip card 1540 includes theaccess applet 1202 and the chip card credit and debit application 1204.The access applet 1202 stores a password, which is secret #2, that willbe used to unlock the various applications on the chip card. Thecardholder client device includes the payer authentication application1542.

Upon making an online purchase transaction, the access applet 1202prompts the cardholder to enter his or her user ID and password, whichis secret #1. If the cardholder enters the correct user ID and theassociated password, then secret #2 is automatically used to unlock theapplications on the chip card. Then the PAS system utilizing the chipcard system can proceed as was described earlier in this specification.

This second, more detailed description explains the processes andcommands that should be supported by the cardholder client devicesoftware, which facilitates communication between the chip card reader,the cardholder's Internet browser and the ACS.

The various basic processes and commands will now be described. First,the cardholder client device software will be activated by a messagefrom the ACS server (client software can also be implemented with atimeout feature, e.g. client software will be timed out after 30minutes). Then, the cardholder client device software will check for theexistence of a compliant chip reader and respond to the ACS that it iscapable of processing a chip based payer authentication transaction. Thecardholder client device software will receive a message from the ACScontaining the appropriate merchant and ACS data to enable a chip cardprogram (e.g., VSDC application) to generate a cryptogram. An example ofsuch a chip card program is the Visa Smart Debit Credit application(VSDC), which is Visa's implementation of the Europay, Mastercard, andVisa (EMV) chip card standard. The cryptogram is a cryptographic valuegenerated by the card that is specific to the card and to eachtransaction. The ACS can validate the cryptogram using cryptographickeys in a hardware security module. It is noted that the VSDCapplication is the same application used in the face-to-face transactiontaking place at brick-and-mortar POS merchant.

After receiving the message from the ACS, the cardholder client devicesoftware will check for the presence of secret #2 and UID in the defineddata element. If it is not available, the cardholder client devicesoftware will ask the cardholder to insert the chip card and entersecret #1 to validate against the chip card Access application andretrieve secret #2 and User ID (UID). If the cardholder is validated forchip-based payer authentication, the cardholder client device softwarewill execute a VSDC purchase transaction to obtain the cryptogram andassociated data to perform Online chip card Authentication.

Execution of the VSDC purchase transaction involves multiple steps to betaken by each of the cardholder client device software and the VSDC chipapplication. The cardholder client device software will performApplication Selection using the Explicit Selection Method by issuing oneor more SELECT commands to the card. The cardholder client devicesoftware will also issue a GET PROCESSING OPTIONS command that includesthe PDOL, if a PDOL was present in the File Control Information (FCI)from Application Selection. Then the VSDC chip application will returnthe Application File Locator (AFL) and Application Interchange Profile(AlP) in the response from the GET PROCESSING OPTIONS command.

The cardholder client device software will issue the READ RECORDcommands necessary to read the VSDC chip application records designatedby the AFL. Note that the chip will return all of the data necessary tocomplete a VSDC purchase transaction, as well as the data used forinternet payment authentication. The cardholder client device softwarewill need to parse out the correct data. The cardholder client devicesoftware will then perform the Processing Restrictions checks, bypassCVM List Processing, and bypass Terminal Risk Management except for theFloor Limit and New card checks. All transactions will be over the floorlimit. The cardholder client device software will set the TVRTransaction Exceeds Floor Limit bit to ‘1’. The cardholder client devicesoftware will perform Terminal Action Analysis and always request anARQC (online) cryptogram in the GENERATE AC command. This command willinclude the CDOL1 data including Transaction Date and the UnpredictableNumber from the ACS. Then the cardholder client device software willpass the cryptogram returned by the chip and supporting data unalteredto the ACS for validation. Finally, the cardholder client devicesoftware will issue a GENERATE AC command requesting an AAC. This willterminate the transaction on the VSDC card application. After issuingthe second GENERATE AC command, all information from the transactionshould be forgotten by the cardholder client device software

The following process occurs after the Merchant Plug In forwards thePAReq message to the ACS. First, the ACS should determine if thecardholder's PC is chip-enabled. (Note that though the PAN may beregistered as being chip-enabled, this step is necessary in thosesituations where the PC currently being used in the transaction does nothave a chip reader or is otherwise not chip-enabled.) The ACS shouldallow the issuer to configure two different actions for the situationwhen the PC is not chip enabled or the chip is not readable.

Option #1, prompt the cardholder for secret #3 (his or her PASpassword). Option #2, do not perform any cardholder nor chip cardauthentication and populate the PARes Transaction Status field with a“not applicable” response. The ACS should extract all of the appropriatemerchant information from the PAReq and provide this data and theappropriate ACS information to the cardholder client device softwarethat will be required to request the chip card to generate a cryptogram.

The ACS then sends the information to support the cryptogram to thecardholder's cardholder client device software and sends a request forsecret #2 and the Unique Identifier (UID). The cardholder client devicesoftware invokes an application that obtains secret #2 (password) andUID from the previously performed chip-enabled check-out process. Ifsecret #2 is not available via this procedure, the cardholder clientdevice software obtains secret #2 from the chip card by invoking theAccess applet, which requires the cardholder to enter secret #1 toactivate the applet, and obtains secret #2 and UID from within theAccess applet on the chip card. If the Access applet is not present onthe chip card, The cardholder client device software asks the cardholderto enter secret #3 (his or her PAS password).

After secret #2 and UID are obtained, the cardholder client devicesoftware initiates a VSDC transaction to generate a cryptogram requestand obtain the cryptogram from the chip card. If secret #2 is notobtained (i.e., the cardholder is not validated), the cardholder clientdevice software does not call upon the VSDC applet.

The cardholder client device software returns secret #2, the cryptogram,and the supporting data to the ACS for the ACS to validate thecryptogram. The ACS accepts the cardholder client device software'sinput and validates it against the Account Holder Database. If there ismore than one Account Holder Database entry (secret #2) for a PrimaryAccount Number (PAN), the cardholder is validated if any of the entries(secret #2) match the secret #2 sent to the ACS by the cardholder clientdevice software.

The ACS validates the card by replicating the cryptogram and comparingit to the cryptogram from the chip card sent to the ACS by thecardholder client device software. The ACS creates the PARes message,populating all of the, and returns the PARes message to the merchant viathe connection through the cardholder's browser.

The ACS digitally signs the PARes, sets the PARes Transaction Status,Transaction Detail, ECI values, chip card codes indicating the type ofcard, payment conditions and card authentication results, sends thesigned PARes back to the merchant, and generates a SaveReceipt messageto the receipt manager 131 (the SaveReceipt message may also be referredto as the PATrans message).

Two types of chip cards carry the Visa Smart Debit/Credit (VSDC)application. First is a card that is capable of validating thecardholder (payer) offline via the Access application on the card usingthe access password or secret #1. The access password is obtained fromthe cardholder and passed to the cardholder client device software onthe browser. If the access password provided is correct, the chip cardAccess application returns secret #2 and UID to the cardholder clientdevice software. Secondly, a card that is not capable of validating thecardholder (payer) offline (i.e., a card that only contains the VSDCapplication). In this case the cardholder client device software on thebrowser prompts the cardholder for secret #3 (his or her password) andit is provided to the ACS to achieve cardholder authentication.

The flow related to the cardholder client device software after it isgiven control from the ACS (after the ACS has received the PAReq messagefrom the merchant plug-in) will now be presented. The cardholder clientdevice software should first determine if the cardholder's PC is chipcard enabled (chip card reader and client software components present).If it is not, the transaction is processed via core payerauthentication. If the PC is chip card enabled, then in step 2, obtainthe secret #2 via the Access application on the chip card or obtain thesecret #3 via a prompt to the cardholder.

If secret #2 and UID or secret #3 is provided, Call the VSDC applicationon the chip to: retrieve the Magnetic Stripe Image (MSI) data element,retrieve the chip data necessary to allow the ACS to regenerate thecryptogram, and generate the ARQC cryptogram. If secret #2 or #3 is notprovided, the VSDC applet is not called.

Send the following data to the ACS for card authentication: the ARQCcryptogram, magnetic stripe image (MSI), and the data to support thecryptogram regeneration by the ACS. Optionally, the MSI data can beread.

Then send secret #2 and UID or secret #3 to the ACS for cardholderauthentication.

Generally, it is noted that chip cardholders will be allowed to conductpurchase transactions on the Internet without the card being present viacore payer authentication (PAS without the chip card and chip cardreader components). Also, the cardholder client device softwaredistributed by the issuer should support all types of VSDC cards.Authentication should accommodate chip-based payment applications thatimplement the full and limited versions of Visa Smart Debit or Creditapplets. Initially the chip-based payment application deployed willsupport limited VSDC features on an Open Platform card. This limitedVSDC payment applet, “jump start”, supports the following subset of the“full” VSDC features: MSI, Online Card Authentication, and offlineStatic Data Authentication (SDA). However, SDA is not performed duringInternet transactions. All information from the transaction should beforgotten by the payer authentication cardholder client device softwareat the end of the transaction (such as at the time the PARes message issent to the merchant).

The ACS is configurable by the issuer to allow different actions to betaken when the cardholder client device software is not available or isnot able to read the chip card. Option #1, the ACS will prompt thecardholder to manually enter secret #3 or option #2, no authenticationis conducted and a “not applicable” response is returned to themerchant.

Chip cardholders will be allowed to conduct purchase transactions on theInternet without the card being present (for example, from a differentPC without the cardholder client device software and chip card reader).The cardholder would manually complete the merchant check out form (oruse other non-chip method) and will be prompted by the ACS to manuallyenter secret #3 if the issuer chose this approach.

Preferred Payment Network

FIG. 14 illustrates a telecommunications network 800 suitable forimplementing an embodiment of the present invention. The presentinvention may make use of any suitable telecommunications network andmay involve different hardware, different software and/or differentprotocols then those discussed below. The below-described network is apreferred embodiment of the telecommunications network 126 of FIG. 1.Network 800 is a global telecommunications network that supportspurchase and cash transactions using any bankcard, travel andentertainment cards, and other private label and proprietary cards. Thenetwork also supports ATM transactions for other networks, transactionsusing paper checks, transactions using smart cards and transactionsusing other financial instruments.

These transactions are processed through the network's authorization,clearing and settlement services. Authorization is when an issuerapproves or declines a sales transaction before a purchase is finalizedor cash is dispersed. Clearing is when a transaction is delivered froman acquirer to an issuer for posting to the customer's account.Settlement is the process of calculating and determining the netfinancial position of each member for all transactions that are cleared.The actual exchange of funds is a separate process.

Transactions can be authorized, cleared and settled as either a dualmessage or a single message transaction. A dual message transaction issent twice—the first time with only information needed for anauthorization decision, an again later with additional information forclearing and settlement. A single message transaction is sent once forauthorization and contains clearing and settlement information as well.Typically, authorization, clearing and settlement all occur on-line.

The main components of telecommunications network 800 are interchangecenters 802, access points 804, 806 and processing centers 808 and 810.Other entities such as drawee banks and third party authorizing agentsmay also connect to the network through an access point. An interchangecenter is a data processing center that may be located anywhere in theworld. In one embodiment, there are two in the United States and oneeach in the United Kingdom and in Japan. Each interchange center housesthe computer system that performs the network transaction processing.The interchange center serves as the control point for thetelecommunication facilities of the network, which comprise high speedleased lines or satellite connections based on IBM SNA protocol.Preferable, lines 820 and 822 that connect an interchange center toremote entities use dedicated high-bandwidth telephone circuits orsatellite connections based on the IBM SNA-LU0 communication protocol.Messages are sent over these lines using any suitable implementation ofthe ISO 8583 standard.

An access point 804 or 806 is typically a small computer system locatedat a processing center that interfaces between the center's hostcomputer and the interchange center. The access point facilitates thetransmission of messages and files between the host and the interchangecenter supporting the authorization, clearing and settlement oftransaction. Links 826 and 828 are typically local links within a centerand use a proprietary message format as prefer by the center.

A data processing center (such as is located within an acquirer, issuer,or other entity) houses processing systems that support merchant andbusiness locations and maintains customer data and billing systems.Preferably, each processing center is linked to one or two interchangecenters. Processors are connected to the closest interchange, and if thenetwork experiences interruptions, the network automatically routestransactions to a secondary interchange center. Each interchange centeris also linked to all of the other interchange centers. This linkingenables processing centers to communicate with each other through one ormore interchange centers. Also, processing centers can access thenetworks of other programs through the interchange center. Further, thenetwork ensures that all links have multiple backups. The connectionfrom one point of the network to another is not usually a fixed link;instead, the interchange center chooses the best possible path at thetime of any given transmission. Rerouting around any faulty link occursautomatically.

FIG. 15 illustrates systems 840 housed within an interchange center toprovide on-line and off-line transaction processing. For dual messagetransaction, authorization system 842 provides authorization. System 842supports on-line and off-line functions, and its file includes internalsystems tables, a customer database and a merchant central file. Theon-line functions of system 842 support dual message authorizationprocessing. This processing involves routing, cardholder and cardverification and stand-in processing, and other functions such as filemaintenance. Off-line functions including reporting, billing, andgenerating recovery bulletins. Reporting includes authorization reports,exception file and advice file reports, POS reports and billing reports.A bridge from system 842 to system 846 makes it possible for membersusing system 842 to communicate with members using system 846 and accessthe SMS gateways to outside networks.

Clearing and settlement system 844 clears and settles previouslyauthorized dual message transactions. Operating six days a week on aglobal basis, system 844 collects financial and non-financialinformation and distributes reports between members. It also calculatesfees, charges and settlement totals and produces reports to help withreconciliation. A bridge forms an interchange between system 844processing centers and system 846 processing centers.

Single message system 846 processes full financial transactions. System846 can also process dual message authorization and clearingtransactions, and communicates with system 842 using a bridge andaccesses outside networks as required. System 846 processes Visa, PlusInterlink and other card transactions. The SMS files comprise internalsystem tables that control system access and processing, and thecardholder database, which contains files of cardholder data used forPIN verification and stand-in processing authorization. System 846on-line functions perform real-time cardholder transaction processingand exception processing for authorization as well as full financialtransactions. System 846 also accumulates reconciliation and settlementtotals. System 846 off-line functions process settlement and fundstransfer requests and provide settlement and activities reporting.Settlement service 848 consolidates the settlement functions of system844 and 846, including Interlink, into a single service for all productsand services. Clearing continues to be performed separately by system844 and system 846.

FIG. 16 illustrates another view of the components of telecommunicationsnetwork 800. Integrated payment system 850 is the primary system forprocessing all on-line authorization and financial request transactions.System 850 reports both dual message and single message processing. Inboth cases, settlement occurs separately. The three main softwarecomponents are the common interface function 852, authorization system842 and single message system 846.

Common interface function 852 determines the processing required foreach message received at an interchange center. It chooses theappropriate routing, based on the source of the message (system 842, 844or 846), the type of processing request and the processing network. Thiscomponent performs initial message editing, and, when necessary, parsesthe message and ensures that the content complies with basic messageconstruction rules. Function 852 routes messages to their system 842 orsystem 846 destinations.

Computer System Embodiment

FIGS. 17A and 17B illustrate a computer system 900 suitable forimplementing embodiments of the present invention. FIG. 17A shows onepossible physical form of the computer system. Of course, the computersystem may have many physical forms ranging from an integrated circuit,a printed circuit board and a small handheld device up to a huge supercomputer. Computer system 900 includes a monitor 902, a display 904, ahousing 906, a disk drive 908, a keyboard 910 and a mouse 912. Disk 914is a computer-readable medium used to transfer data to and from computersystem 900.

FIG. 17B is an example of a block diagram for computer system 900.Attached to system bus 920 are a wide variety of subsystems.Processor(s) 922 (also referred to as central processing units, or CPUs)are coupled to storage devices including memory 924. Memory 924 includesrandom access memory (RAM) and read-only memory (ROM). As is well knownin the art, ROM acts to transfer data and instructions uni-directionallyto the CPU and RAM is used typically to transfer data and instructionsin a bi-directional manner. Both of these types of memories may includeany suitable of the computer-readable media described below. A fixeddisk 926 is also coupled bi-directionally to CPU 922; it providesadditional data storage capacity and may also include any of thecomputer-readable media described below. Fixed disk 926 may be used tostore programs, data and the like and is typically a secondary storagemedium (such as a hard disk) that is slower than primary storage. Itwill be appreciated that the information retained within fixed disk 926,may, in appropriate cases, be incorporated in standard fashion asvirtual memory in memory 924. Removable disk 914 may take the form ofany of the computer-readable media described below.

CPU 922 is also coupled to a variety of input/output devices such asdisplay 904, keyboard 910, mouse 912 and speakers 930. In general, aninput/output device may be any of: video displays, track balls, mice,keyboards, microphones, touch-sensitive displays, transducer cardreaders, magnetic or paper tape readers, tablets, styluses, voice orhandwriting recognizers, biometrics readers, or other computers. CPU 922optionally may be coupled to another computer or telecommunicationsnetwork using network interface 940. With such a network interface, itis contemplated that the CPU might receive information from the network,or might output information to the network in the course of performingthe above-described method steps. Furthermore, method embodiments of thepresent invention may execute solely upon CPU 922 or may execute over anetwork such as the Internet in conjunction with a remote CPU thatshares a portion of the processing.

In addition, embodiments of the present invention further relate tocomputer storage products with a computer-readable medium that havecomputer code thereon for performing various computer-implementedoperations. The media and computer code may be those specially designedand constructed for the purposes of the present invention, or they maybe of the kind well known and available to those having skill in thecomputer software arts. Examples of computer-readable media include, butare not limited to: magnetic media such as hard disks, floppy disks, andmagnetic tape; optical media such as CD-ROMs and holographic devices;magneto-optical media such as floptical disks; and hardware devices thatare specially configured to store and execute program code, such asapplication-specific integrated circuits (ASICs), programmable logicdevices (PLDs) and ROM and RAM devices. Examples of computer codeinclude machine code, such as produced by a compiler, and filescontaining higher level code that are executed by a computer using aninterpreter.

While this invention has been described in terms of several preferredembodiments, there are alteration, permutations, and equivalents, whichfall within the scope of this invention. It should also be noted thatthere are many alternative ways of implementing the methods andapparatuses of the present invention. It is therefore intended that thefollowing appended claims be interpreted as including all suchalterations, permutations, and equivalents as fall within the truespirit and scope of the present invention.

1.-22. (canceled)
 23. A method including authenticating a cardholderduring an online transaction with a requesting party, the methodcomprising: receiving a chip authentication request from an accesscontrol server at a cardholder computer in response to receipt of acardholder authentication request by the access control server; andtransmitting a chip authentication response from the cardholder computerto the access control server that includes a cryptogram and a cardholderauthentication password, the cryptogram being generated by a chip cardand application in communication with the cardholder computer, theaccess control server thereafter generates a second cryptogram andcompares the second cryptogram to the cryptogram, and determines thatthe cardholder authentication password matches a stored password thatcorresponds to a cardholder account identifier based on a firstcomparison, and determines that the cryptograms match based on a secondcomparison, whereby the access control server authenticates thecardholder for the requesting party during the online transaction. 24.The method of claim 23, further comprising: transmitting data specificto the chip card to the access control server from the cardholdercomputer, and wherein the access control server generates the secondcryptogram using the data specific to the chip card.
 25. The method ofclaim 23, wherein the cardholder authentication password is not apersonal identification number (PIN) for use with an ATM or POS device.26. The method of claim 23, wherein the online transaction is a paymenttransaction.
 27. The method of claim 23, wherein the requesting party isa merchant operating a merchant computer, and wherein prior to receivingthe chip authentication request, a verify enrollment request is sentfrom the merchant computer at the access control server with thecardholder account identifier, and a verify enrollment response is sentfrom the control server to the merchant computer indicating thecardholder account identifier is enrolled.
 28. The method of claim 23,wherein the cardholder computer is a mobile telephone.
 29. The method ofclaim 23, wherein the cardholder computer comprises a distributedpayment authentication service (PAS) module.
 30. The method of claim 23,further comprising: determining if the cardholder computer includes achip card reader.
 31. The method of claim 30, further comprising:receiving the chip card at the chip card reader.
 32. The method of claim31, wherein the access control server is configured to end the onlinetransaction when the cardholder computer does not include the chip cardreader.
 33. The method of claim 23, wherein the cardholder computercomprises a display device, a PIN pad or a keyboard entry device, and acard reader.
 34. A cardholder computer comprising a processor and anon-transitory computer readable medium coupled to the processor, thecomputer readable medium comprising code, executable by the processorfor implementing a method comprising receiving a chip authenticationrequest from an access control server at the cardholder computer inresponse to receipt of a cardholder authentication request by the accesscontrol server; and transmitting a chip authentication response from thecardholder computer to the access control server that includes acryptogram and a cardholder authentication password, the cryptogrambeing generated by a chip card and application in communication with thecardholder computer, the access control server thereafter generates asecond cryptogram and compares the second cryptogram to the cryptogram,and determines that the cardholder authentication password matches astored password that corresponds to a cardholder account identifierbased on a first comparison, and determines that the cryptograms matchbased on a second comparison, whereby the access control serverauthenticates the cardholder during an online transaction with arequesting party.
 35. The cardholder computer of claim 34 wherein themethod further comprises: transmitting data specific to the chip card tothe access control server from the cardholder computer, and wherein theaccess control server generates the second cryptogram using the dataspecific to the chip card.
 36. The cardholder computer of claim 34,wherein the cardholder authentication password is not a personalidentification number (PIN) for use with an ATM or POS device.
 37. Thecardholder computer of claim 34, wherein the online transaction is apayment transaction.
 38. The cardholder computer of claim 34, whereinthe cardholder computer is a mobile telephone.
 39. The cardholdercomputer of claim 34, wherein the online transaction is a paymenttransaction.
 40. The cardholder computer of claim 34, wherein thecardholder computer comprises a display device, a PIN pad or a keyboardentry device, and a card reader.